Thursday, 14 July 2016

Python for Network Engineers - Part 5 - Using Junos NETCONF interface

In previous blog articles we focused on using python to
interact with REST APIs. In the next few
blog posts we’ll look at NETCONF interfaces.
In this article we’ll look at interacting with Juniper Junos devices
using the ncclient Python module.

NETCONF background

The purpose of these articles is to get you automating very
quickly with Python so I’m not going to go into a lot of depth here. However NETCONF is an IETF standard and is
documented in RFC 6241.

Many vendors have implemented NETCONF interfaces including
Cisco, Juniper, HP and Huawei. There are
standardised YANG data models from the IETF, OpenConfig and OpenDaylight as
well as vendors specific data models.
Please see the github site in the references section to get a copy of
these data models.

In terms of NETCONF “controllers” then we can use ncclient
inside python, OpenDaylight and a commercial offering from tail-f. It should be noted that Tail-f was bought by
Cisco and is at the heart of their Network Services Orchestrator (NSO) and
Virtual Topology System (VTS) products.
This gives you an idea of how powerful NETCONF can be.

Specific to Juniper then there was some excellent blog
articles written by Jeremy Schulman (Automaniac) and a “Junos EZ” Python module. However much of the development in Junos EZ
has been incorporated into ncclient so we will just use this library for this
blog post. The good thing about using
Junos with NETCONF is that it is supported across all Junos devices (SRX, MX,
EX, J Series) with the same data models so it’s very easy to use.

Junos NETCONF interface

For this example I’m using a Junos vSRX and Ubuntu Linux
with Python. Please see references
section at the bottom for a link to vSRX download.

Junos Setup

On the Juniper device then all you need to do is enable the
one command below. You may also wish to
make a dedicated user for accessing the device whilst scripting.

set system services netconf ssh

commit

We can test our Junos device is NETCONF capable by doing a
simple SSH command from the Linux prompt:

james@ubuntu:~$ ssh
root@192.168.229.11 netconf

root@192.168.229.11's password:

<!-- No zombies were killed
during the creation of this user interface -->

The first thing we notice is that
the data we get back is in XML format.
If we install “xmltodict” with pip then we can work with the data in an
easier way within Python.

import xmltodict, json

d = xmltodict.parse(xml)

print json.dumps(d, indent=2)

Now we have the same data in a dictionary object called "d". To show we you a few examples of what we can do, next we will drill down to see all the keys under
the configuration section, print that section and then pull out a specific
value from the output.

d['rpc-reply']['data']['configuration'].keys()

print json.dumps(d['rpc-reply']['data']['configuration'],
indent=2)

print
d['rpc-reply']['data']['configuration']['system']['host-name']

Example 2

In the last example we used a standard NETCONF function
“get-config” which is part of the IETF data model and documented in the RFC.
However for this example we’re going to use some Junos specific calls to
run operational mode commands (i.e. same command you would run on a Junos
command prompt). By specifying the
device_params parameter we tell ncclient that it’s a junos device and to enable
this functionality.

We will use “s” as our session object and reply data will be
stored in “r”:

We can then repeat this for any
operational level commands we want and parse the output however we wish. For example:

r = s.command(command='show version')

print
json.dumps(xmltodict.parse(r.tostring), indent=2)

r = s.command(command='show interfaces')

print
json.dumps(xmltodict.parse(r.tostring), indent=2)

Example 3

In this last example we will make changes to the
configuration and commit them. We will
assume you have already connected to the Junos device and created your session
object “s” as per the last example.

If we are doing this in a script then we want
to capture the output of each of the last four commands and check they completed
correctly. However for this blog article
we are running it interactively so we can see if any errors are generated and we can just check the configuration on the Junos device and see easily if the
configuration was applied correctly or not.

Next Article

In the next article we’ll see how you can use NETCONF on
Cisco Nexus devices. Similarly to Junos
we will be able to just send show and configuration level commands with ease !